IPFW - Ruleset by default


I'm trying to set IPFW as open by default, so I set firewall_type="open", but when I run "ipfw flush", it only adds a "deny ip any from any" rule. Should it be "allow ip any from any"? I mean, if I flush the rules, should only the default ruleset remain, or will it add that rule automatically instead?

Another question. If I restart the firewall with "service ipfw restart", it adds the whole open ruleset, but its last two rules are:

65000 allow ip from any to any
65535 deny ip from any to any

If firewall_type="open", should it be "65535 allow ip from any to any" only, without the last rule?


There is 1 answer

Cod1ngFree

I have read somewhere:

If the open policy is enabled in the kernel (IPFIREWALL_DEFAULT_TO_ACCEPT), then rule # 65535 will be automatically set to "allow ip from any to any" instead of "deny ip from any to any," thus making rule # 65000 as set in rc.firewall for the open policy redundant. As such, it is more apropos to indicate firewall type "UNKNOWN" if one enables an open policy in the kernel, and does not wish to enable any other rules.
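The point of the quoted answer is that rule 65535 is not written by rc.firewall at all: its action is fixed at kernel build time (deny by default, allow with IPFIREWALL_DEFAULT_TO_ACCEPT), so "ipfw flush" leaves only that rule behind and the open set's rule 65000 only matters when 65535 denies. The script below is an added example, not code from the original thread or from FreeBSD: it reads the text that `ipfw list` prints and reports the effective default policy and whether an explicit catch-all allow ahead of 65535 is redundant. The three listings in it are constructed to mimic `ipfw list` output, not captured from a real system, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Inspects `ipfw list` style text
# and reports what rule 65535 does and whether a catch-all allow before it
# (rule 65000 in rc.firewall's "open" set) is redundant.

# Constructed sample: "open" set on a default kernel (65535 denies).
OPEN_DENY_KERNEL='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any'

# Constructed sample: same set on a kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT.
OPEN_ACCEPT_KERNEL='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any'

# Constructed sample: after "ipfw flush" on a default kernel only the
# fixed rule 65535 remains.
FLUSHED_DENY_KERNEL='65535 deny ip from any to any'

# Print the action of rule 65535 ("allow" or "deny") from a listing on stdin.
# Exit 1 if the listing has no rule 65535.
default_policy() {
    awk '$1 == "65535" { print $2; found = 1 } END { if (!found) exit 1 }'
}

# Exit 0 if a numbered rule below 65535 is exactly "allow ip from any to any"
# (seven fields, so "... via lo0" style rules do not count).
catchall_allow_before_end() {
    awk 'NF == 7 && $1 != "65535" && $2 == "allow" && $3 == "ip" &&
         $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" { found = 1 }
         END { exit found ? 0 : 1 }'
}

# Summarise a listing read from stdin: the effective policy, plus whether an
# explicit catch-all allow is doing any work.
summarize() {
    listing=$(cat)
    policy=$(printf '%s\n' "$listing" | default_policy) || {
        echo "no rule 65535 found"
        return 1
    }
    if printf '%s\n' "$listing" | catchall_allow_before_end; then
        if [ "$policy" = "allow" ]; then
            echo "default=allow (kernel accepts by default); explicit catch-all allow is redundant"
        else
            echo "default=deny (kernel); explicit catch-all allow makes the ruleset open"
        fi
    else
        echo "default=$policy; no explicit catch-all allow"
    fi
}

# Stand-alone demonstration over the constructed listings.
printf '%s\n' "$OPEN_DENY_KERNEL"    | summarize
printf '%s\n' "$OPEN_ACCEPT_KERNEL"  | summarize
printf '%s\n' "$FLUSHED_DENY_KERNEL" | summarize
```

On a real FreeBSD host you would feed it live output with `ipfw list | summarize`; the kernel's choice for rule 65535 can also be read directly from `sysctl -n net.inet.ip.fw.default_to_accept` (0 for deny, 1 for allow), which is the quickest way to confirm which of the two listings above your machine will produce after a flush.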